Too many problems to list in the title!

T

thekabuki

New member
Hello all,
Working on a friends laptop which has Windows XP 2. Yesterday, couldn't even get the thing past the main log on screen it was infected so bad. It just froze.

Right now, I'm in safe mode. Have scanned using Spybot & deleted all entries. Have scanned using NOrton Security Scan which was already on the computer. Have ran ATF cleaner; removed any unnecessary programs using Add/Remove Page. Tried downloading & running AVG but unable to install because I'm in safe mode.

Tons of bad stuff on here that i've deleted already. Friend had a tendency to click onto any pop up that said that their computer was infected as a result they had a lot of bogus anti spyware/anti virus applications. One that seemed to stay here no matter what i've done so far is something called ADAWARE Pro. Seems like there's lots of search stuff on there.

Here;s the log. Any help would be appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:04 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] E:\avgtray.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\RunOnce: [SpybotDeletingA6794] command /c del "C:\WINDOWS\bokpkov.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5035] cmd /c del "C:\WINDOWS\bokpkov.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3550] command /c del "C:\WINDOWS\bokpkov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4874] cmd /c del "C:\WINDOWS\bokpkov.dll_old"
O4 - Global Startup: Bluetooth.lnk.disabled
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - E:\avgwdsvc.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

--
End of file - 5128 bytes
 
Hello thekabuki

Welcome to Safer Networking.

Please read Before You Post
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Since your having so many problems I am going to bypass our normal procedure, you can boot to Safemode with Network Support and download Malwarebytes and also run it in Safemode. Then reboot when the scan is done into Normal windows and post the Malwarebytes log and a New HJT log.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a New Hijackthis log.
 
Hello...sorry for the delay, was busy with a rescue puppy we got from the pound yesterday :)

Anyways, here's the log file after scanning with Malawarebytes and deleting all entries. Great program, picked up a bunch of stuff the others didn't!

I didn't have to boot in safe mode, btw...after working a bit on it I was able to start it normally.

Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:04 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\avgtoolbar.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - E:\avgwdsvc.exe (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

--
End of file - 3804 bytes
 
Hello,

We have two Basset Hounds that are rescues :)

Copy and Paste the entire report in your next reply along with a New Hijackthis log.
Click to expand...
These where the instructions for Malwarebytes, its one of the better programs, I need to see the log so I can see what has and has not been removed.
 
this is our 2nd too....5 month golden retr. mix....i don't what the heck our 1st one is...i think it's a Dingo lol....about a year old and i swear it looks (and acts) just like an australian wild dog !!

.sorry about not posting both logs, i'm an idiot.... it was only in giant bold font, don't know how I missed it... lol, here they are now

Thanks!!

Malwarebytes' Anti-Malware 1.19
Database version: 903
Windows 5.1.2600 Service Pack 2

1:49:53 PM 6/29/2008
mbam-log-6-29-2008 (13-49-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 70817
Time elapsed: 17 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{ed0be1f5-6822-4e15-ba40-ff593a769fee} (Rogue.WinXDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{23e0d79c-e8d7-4163-8902-4c1c11bd9a41} (Rogue.WinXDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OneMoreKey (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\APMFC1 (Rogue.AntiTrojanPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\etlrlws.brxd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\etlrlws.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Antivirus Pro Uninstall Log.txt (Rogue.AntivirusPro) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:10 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

--
End of file - 3801 bytes
 
We used to belong to a Basset Hound Rescue service up here in the NE, but after rescuing a few dogs , nursing them back to health and having them around for about a month until the rescue service found someone to adopt them was something we could not do anymore so we just kept the last two .

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab

Malwarebytes found and removed some nasty stuff, there may be more so lets run this program. I need to see the log from it and a new HJT log.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
 
yeah, it's got to be hard to love them, then let them go, but i'm sure if they could, they'd tell you how thankful they were to be given a 2nd chance!

ComboFix 08-06-20.4 - Owner 2008-07-01 1:11:32.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-29 15:48 . 2008-06-29 15:49 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-06-29 14:42 . 2008-06-29 14:42 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-29 14:41 . 2008-06-29 14:41 <DIR> d-------- C:\Program Files\AVG
2008-06-29 12:11 . 2008-06-29 12:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-29 12:09 . 2008-06-29 12:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 12:09 . 2008-06-28 13:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 12:08 . 2008-06-29 12:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 12:08 . 2008-06-28 13:21 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 22:35 . 2008-06-27 22:35 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-27 22:24 . 2008-06-29 14:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-27 22:03 . 2008-06-27 22:03 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-27 17:53 . 2008-06-27 17:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 16:53 . 2008-06-27 16:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-27 16:53 . 2008-06-27 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 14:12 . 2008-06-27 14:12 <DIR> d-------- C:\Program Files\AxBx
2008-06-27 13:48 . 2008-06-29 14:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-27 13:48 . 2008-06-27 13:48 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-27 13:48 . 2008-06-27 13:48 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-27 13:44 . 2008-06-29 14:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-27 11:17 . 2008-06-27 11:17 2,544 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-06-27 01:35 . 2008-06-27 01:35 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-06-26 23:34 . 2008-06-26 23:36 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-06-26 22:57 . 2008-06-26 22:57 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-26 13:29 . 2008-06-26 13:29 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-26 13:10 . 2003-04-12 04:11 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d----c--- C:\Documents and Settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 20:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-28 03:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-27 22:57 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-27 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 16:21 --------- d-----w C:\Program Files\InterActual
2008-06-27 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-27 16:13 --------- d-----w C:\Program Files\Google
2008-06-27 03:18 --------- d-----w C:\Program Files\HPQ
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 17:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 19:29 290816]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-29 14:41 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
backup=C:\WINDOWS\pss\Bluetooth.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HOTLLAMA Update Check.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HOTLLAMA Update Check.lnk
backup=C:\WINDOWS\pss\HOTLLAMA Update Check.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareProMFC]
C:\Program Files\AntiTrojan Pro\AntiTrojan Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2001-07-19 16:50 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneMoreKey]
C:\Program Files\XP Antivirus\xpa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PreloadApp]
--a------ 2001-12-12 09:05 36864 c:\hp\drivers\printers\photosmart\hphprld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a--c--- 2001-07-24 16:34 36864 C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-03-14 07:56 634880 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-03-14 07:56 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Now]
C:\Program Files\HPQ\Notebook Utilities\TvNow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
"CARPService"=carpserv.exe
"QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-27 13:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-29 14:41]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 14:41]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-29 14:42]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 10:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 10:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-08-28 19:00]
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2001-12-17 06:54]
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\USR_CD2.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 11:59:18 C:\WINDOWS\Tasks\{C33A1CCF-E567-45DD-B63F-A62CECE7B7CC}_CPQ13668132152_Owner.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 01:16:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-01 1:20:07
ComboFix-quarantined-files.txt 2008-07-01 06:19:54

Pre-Run: 31,070,810,112 bytes free
Post-Run: 31,138,435,072 bytes free

141 --- E O F --- 2008-07-01 05:14:04


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:28 AM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP1.0sp3-KB867461-X86-Enu.exe
C:\WINDOWS\TEMP\SL2.tmp
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

--
End of file - 3835 bytes
 
Hi,

Before you do anything else go to Start> Run and type in msconfig , hit enter and check the radio button for Normal Start up and ok your way out, there may be things not showing on your log.


Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Folder::

Code: 
Folder::
C:\Program Files\AntiTrojan Pro
C:\Program Files\XP Antivirus

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareProMFC]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneMoreKey]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
ok, here's both logs...thanks again!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:51 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O4 - Global Startup: Bluetooth.lnk.disabled
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

--
End of file - 4253 bytes



ComboFix 08-07-03.1 - Owner 2008-07-03 19:57:47.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.protected
C:\WINDOWS\system32\zlib.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-07-03 19:39 . 2008-07-03 19:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-29 15:48 . 2008-06-29 15:49 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-06-29 14:42 . 2008-06-29 14:42 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-29 14:41 . 2008-06-29 14:41 <DIR> d-------- C:\Program Files\AVG
2008-06-29 12:11 . 2008-06-29 12:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-29 12:09 . 2008-06-29 12:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 12:09 . 2008-06-28 13:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 12:08 . 2008-06-29 12:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 12:08 . 2008-06-28 13:21 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 22:35 . 2008-06-27 22:35 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-27 22:24 . 2008-06-29 14:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-27 22:03 . 2008-06-27 22:03 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-27 17:53 . 2008-06-27 17:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 16:53 . 2008-06-27 16:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-27 16:53 . 2008-06-27 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-27 14:12 . 2008-06-27 14:12 <DIR> d-------- C:\Program Files\AxBx
2008-06-27 13:48 . 2008-06-29 14:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-27 13:48 . 2008-06-27 13:48 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-27 13:48 . 2008-06-27 13:48 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-27 13:44 . 2008-07-03 20:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-27 11:17 . 2008-06-27 11:17 2,544 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-06-27 01:35 . 2008-06-27 01:35 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-06-26 23:34 . 2008-06-26 23:36 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-06-26 22:57 . 2008-06-26 22:57 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-26 13:29 . 2008-06-26 13:29 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-26 13:10 . 2003-04-12 04:11 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-06-26 13:10 . 2008-06-26 13:10 <DIR> d----c--- C:\Documents and Settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 20:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-28 03:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-27 22:57 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-27 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 16:21 --------- d-----w C:\Program Files\InterActual
2008-06-27 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-27 16:13 --------- d-----w C:\Program Files\Google
2008-06-27 03:18 --------- d-----w C:\Program Files\HPQ
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-01_ 1.19.22.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-09 14:59:02 6,656 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-07-01 13:34:12 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2002-09-09 15:05:02 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-07-01 13:34:18 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2002-09-09 15:04:44 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-07-01 13:34:49 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2002-09-09 15:04:44 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-07-01 13:34:20 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2002-09-09 15:05:02 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-07-01 13:34:51 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2002-09-09 15:05:02 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-07-01 13:34:39 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
- 2002-09-09 15:05:02 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-07-01 13:34:26 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2002-09-09 15:05:00 1,175,552 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
+ 2008-07-01 13:34:41 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
- 2002-09-09 15:04:58 1,691,648 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-07-01 13:34:15 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
- 2002-09-09 15:04:58 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-07-01 13:34:47 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2002-09-09 15:04:56 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-07-01 13:34:56 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2002-09-09 15:04:56 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-07-01 13:34:37 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2002-09-09 15:04:54 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-07-01 13:34:23 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2002-09-09 15:04:54 47,104 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-07-01 13:34:23 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2002-09-09 15:04:54 348,160 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-07-01 13:34:36 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
- 2002-09-09 15:04:52 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-07-01 13:34:53 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2002-09-09 15:04:52 307,200 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-07-01 13:34:31 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2002-09-09 15:04:52 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-01 13:34:25 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2002-09-09 14:59:00 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-07-01 13:34:30 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
- 2002-09-09 15:04:50 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-07-01 13:34:42 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2002-09-09 15:04:50 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-07-01 13:34:22 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2002-09-09 15:04:50 503,808 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-07-01 13:34:17 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2002-09-09 15:04:44 1,187,840 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-07-01 13:34:44 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2002-09-09 15:04:48 1,982,464 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-07-01 13:34:28 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2002-09-09 15:04:46 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
+ 2008-07-01 13:34:34 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
- 2002-09-09 15:04:56 1,167,360 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-07-01 13:34:55 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-07-01 13:37:03 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_31b873bb\CustomMarshalers.dll
+ 2008-07-01 13:35:51 3,301,376 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_6119328a\mscorlib.dll
+ 2008-07-01 13:36:21 1,454,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_93a72e85\System.Design.dll
+ 2008-07-01 13:36:59 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_b3465729\System.Drawing.Design.dll
+ 2008-07-01 13:36:03 847,872 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_66c7fef3\System.Drawing.dll
+ 2008-07-01 13:36:46 2,953,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_1d93f91e\System.Windows.Forms.dll
+ 2008-07-01 13:36:29 2,027,520 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_1f1d9baa\System.Xml.dll
+ 2008-07-01 13:35:35 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_42c8ac94\System.dll
- 2008-07-01 06:00:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-04 00:33:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2002-01-05 04:55:46 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
+ 2004-07-15 07:41:06 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
- 2002-06-12 06:47:38 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-07-15 04:36:08 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2002-06-12 06:47:40 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
+ 2004-07-15 04:36:08 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
- 2002-06-12 06:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2004-07-15 04:36:10 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2002-06-12 07:54:20 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
+ 2004-07-15 16:05:24 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
- 2002-06-12 06:03:56 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
+ 2004-07-15 03:50:22 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
- 2002-01-05 06:49:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
+ 2004-07-15 09:45:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
- 2002-06-12 14:19:02 589,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
+ 2004-07-15 15:27:20 589,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
- 2002-01-04 23:40:40 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
+ 2004-07-15 04:33:28 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
- 2002-06-12 06:01:54 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
+ 2004-07-15 03:48:20 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
- 2002-06-12 07:54:28 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2004-07-15 16:04:44 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2002-01-05 10:41:48 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
+ 2004-07-15 16:05:18 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
- 2002-06-12 07:54:32 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
+ 2004-07-15 16:04:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
- 2002-01-04 23:32:50 180,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
+ 2004-07-15 03:50:54 184,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
- 2002-06-12 07:54:34 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
+ 2004-07-15 16:05:28 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
- 2002-06-12 07:54:36 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
+ 2004-07-15 16:05:00 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
- 2002-06-12 07:54:42 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
+ 2004-07-15 16:05:48 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
- 2002-06-12 07:54:44 286,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
+ 2004-07-15 16:05:16 286,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
- 2002-06-12 07:55:00 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
+ 2004-07-15 16:05:52 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
- 2002-01-04 23:32:38 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
+ 2004-07-15 03:50:28 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
- 2002-01-04 23:32:38 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
+ 2004-07-15 03:50:28 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
- 2002-01-04 23:32:40 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-07-15 03:50:30 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2002-06-11 23:02:02 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-07-15 03:48:28 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2002-06-11 23:04:04 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-07-15 03:50:30 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2002-06-12 14:55:02 1,953,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-15 16:05:34 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2002-01-04 23:31:46 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
+ 2004-07-15 03:50:32 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
- 2002-01-04 23:32:38 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
+ 2004-07-15 03:50:32 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
- 2002-01-04 23:32:38 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
+ 2004-07-15 03:50:34 46,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
- 2002-01-04 23:32:40 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
+ 2004-07-15 03:50:34 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
- 2002-06-12 06:02:40 2,260,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-15 03:49:06 2,265,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2002-01-04 23:32:44 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
+ 2004-07-15 03:50:40 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
- 2002-06-12 06:03:24 2,260,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-15 03:49:54 2,269,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2002-05-09 04:38:44 45,056 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2004-08-10 21:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2002-01-04 23:32:52 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
+ 2004-07-15 03:50:58 147,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
- 2002-01-04 23:40:42 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
+ 2004-07-15 04:33:30 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
- 2002-06-12 07:55:06 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe
+ 2004-07-15 16:05:12 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe
- 2002-06-12 07:55:08 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegCode.dll
+ 2004-07-15 16:04:58 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegCode.dll
- 2002-06-12 14:55:12 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegSvcs.exe
+ 2004-07-15 16:04:12 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegSvcs.exe
- 2002-06-12 07:55:22 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Configuration.Install.dll
+ 2004-07-15 16:05:10 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Configuration.Install.dll
- 2002-06-12 07:55:24 1,175,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Data.dll
+ 2004-07-15 16:05:50 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Data.dll
- 2002-06-12 07:55:26 1,691,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Design.dll
+ 2004-07-15 16:05:22 1,695,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Design.dll
- 2002-06-12 07:55:30 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.DirectoryServices.dll
+ 2004-07-15 16:05:40 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.DirectoryServices.dll
- 2002-06-12 14:55:32 1,167,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
+ 2004-07-15 16:05:20 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
- 2002-06-12 07:55:32 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.Design.dll
+ 2004-07-15 16:05:20 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.Design.dll
- 2002-06-12 07:55:34 462,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll
+ 2004-07-15 16:05:18 462,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll
- 2002-06-12 07:55:38 212,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.dll
+ 2004-07-15 16:05:46 212,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.dll
- 2002-06-11 23:04:28 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 03:50:50 48,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.Thunk.dll
- 2002-06-12 14:55:40 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Management.dll
+ 2004-07-15 16:05:18 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Management.dll
- 2002-06-12 07:55:42 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Messaging.dll
+ 2004-07-15 16:05:28 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Messaging.dll
- 2002-06-12 07:53:44 307,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Remoting.dll
+ 2004-07-15 16:05:30 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Remoting.dll
- 2002-06-12 07:53:46 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 16:05:14 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Serialization.Formatters.Soap.dll
- 2002-01-05 11:12:50 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
+ 2004-07-15 16:05:22 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
- 2002-06-12 07:53:52 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.ServiceProcess.dll
+ 2004-07-15 16:05:26 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.ServiceProcess.dll
- 2002-06-12 14:53:54 1,187,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-07-15 16:05:34 1,200,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2002-06-12 07:53:56 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.RegularExpressions.dll
+ 2004-07-15 16:05:38 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.RegularExpressions.dll
- 2002-06-12 07:53:58 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.Services.dll
+ 2004-07-15 16:05:30 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.Services.dll
- 2002-06-12 14:54:00 1,982,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll
+ 2004-07-15 16:05:22 2,002,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll
- 2002-06-12 14:54:04 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
+ 2004-07-15 16:05:22 1,302,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
+ 2004-06-22 18:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe
- 2002-01-05 10:00:58 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe
+ 2004-07-15 15:27:02 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe
- 2002-01-05 06:39:32 999,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\VsaVb7rt.dll
+ 2004-07-15 09:36:38 999,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\VsaVb7rt.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 19:29 290816]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-29 14:41 1177368]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 07:56 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 07:56 634880]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 16:34 36864]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 09:05 36864]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2001-07-19 16:50 52736]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 17:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
"CARPService"=carpserv.exe
"QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-27 13:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-29 14:42]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 10:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 10:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-08-28 19:00]
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2001-12-17 06:54]
S3 HSFHWCD2;HSFHWCD2;C:\WINDOWS\system32\DRIVERS\USR_CD2.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 11:59:18 C:\WINDOWS\Tasks\{C33A1CCF-E567-45DD-B63F-A62CECE7B7CC}_CPQ13668132152_Owner.job"
- C:\WINDOWS\system32\mobsync.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - (no file)
HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-AdwareProMFC - C:\Program Files\AntiTrojan Pro\AntiTrojan Pro.exe
HKLM-Run-TV Now - C:\Program Files\HPQ\Notebook Utilities\TvNow.exe
HKLM-Run-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-AdaptecDirectCD - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 20:02:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-03 20:08:22
ComboFix-quarantined-files.txt 2008-07-04 01:08:16
ComboFix2.txt 2008-07-01 06:20:10

Pre-Run: 31,807,008,768 bytes free
Post-Run: 31,798,763,520 bytes free

308 --- E O F --- 2008-07-01 13:35:32
 
Things are running great!!!

I can't thank you enough, this is terrific. My friend is so excited. She doesn't have much money and while she was working down in Florida for the winter, she had someone look at it (not a pro, just a friend) who told her the motherboard was shot & to pitch the thing. When she got up her to MI I asked her to let me have a crack at it. I am curious about things and figured what the heck, I couldn't mess it up anymore than it already was!

These boards are the best. thank you so much for giving of your time to help people like me out....it really is appreciated!
 
That's great, I have some old computers that have been running just fine after 10 years with no issues, a bit outdated though.

This system cleaner will help speed things up.

Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up


ATF Cleaner is yours to keep, written by one of our own, it will clean out all the garbage like temp files and such.

Malwarebytes This is also yours to keep, check for updates and run a scan once in awhile.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • CF_Cleanup.png

  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.








Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.
Click to expand...

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.5
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Glad we could help

Safe Surfn
Ken
 
You must log in or register to reply here.
Back
Top